-----Original Message----- From: Len Conrad [mailto:[EMAIL PROTECTED]] Sent: 01 November 2000 14:19 To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] Gateway Problems >[Myles Dempsey] I either relay the mail for the trusted IP addresses and >reject the mail from the Internet users or accept the Internet Users and >reject the mail from the trusted IP addresses. I have not had the SMTP AUTH >turned on. ok, then that's precisely your pb. Everybody who wants to relay mail through your Imail, but who are not on your "relay for addresses" ip's, must use SMTP AUTH before sending. >If you can spare the time could you briefly explain how this >works and are there any problems that my users will start to call about. Yes, the pb is social, not technical ( well, actually ... vbg ). When you put "relay for addresses" security, your non-local-ip users must use SMTP AUTH, which means they set their mail pgms to do SMTP AUTH. >Most user either the web based front end these users are authenticated by web messaging login. > or Outlook Express / Outlook 2000. These and all other users off your ip's must use SMTP AUTH. Very simple rule, very good results (you will not listed in ORBS/MAPS) but not so simple to get MS users to change the settings to activate SMTP AUTH. Eudora defaults to SMTP AUTH for each mail personality ("authentication allowed" checkbox checked per mail account when created), while MS apparently defaults to insecure, as they have historically. Guess who get to pay the MS support burden for MS's insecure default decisions? btw, a better alternative is to have your "roaming users" (off your ip's) relay their mail through their access provider's mail servers rather than in/out through your firewall/Imail. This keeps your firewall traffic down AND fixes your SMTP AUTH pb. If your firewall gets bogged down with all this mail traffic and DNS traffic from Imail, deploy a bastion mail server outside your firewall. Len http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 & 8.2.3 T6B for NT4 & W2K http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
